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A  fundamental  technique  used  by  many  algorithms  in  computer  algebra  is  in¬ 
terpolating  polynomials  from  their  values.  This  paper  discusses  two  algorithms 
for  solving  this  problem  for  sparse  multivariate  polynomials,  an  updated  version 
of  a  probabilistic  one  and  a  new  determinstic  technique  that  uses  some  ideas  due 
to  Ben-Or  and  Tiwari  (1988).  In  addition  algorithms  are  presented  for  quickly 
finding  points  that  are  not  zeroes  of  sparse  multivariate  polynomials — the  zerp 
avoidaince  problem.  j:  .  / 


1.  Introduction 

Mathematical  calcvdations  involving  polynomials  or  other  symbolic  quantities  suf¬ 
fer  from  a  problem  not  found  in  numerical  calculations;  intermediate  expression  swell. 

That  is,  when  performed  in  a  straightforward  fashion,  the  intermediate  expressions  of  a 
calculation  Me  much  larger  than  the  final  answer.  Fundamentally,  this  difference  is  due 
to  the  fact  that  the  amoimt  of  space  required  to  represent  the  product  of  two  floating 
point  numbers  is  about  as  much  as  for  each  of  the  original  multiplicands.  However, 
the  space  required  for  the  product  of  two  multivariate  polynomials  can  be  much  leirger 
than  that  required  for  the  multiplicands.  In  fact,  even  the  siun  of  two  multivariate/ 
polynomials  can  be  twice  as  large  the  summands.  This  effect  is  more  pronounced  withy^spEcrFo 
polynomials  with  more  variables.  Thus  problems  with  a  few  symbolic  variables  suffer 
less  from  intermediate  expression  swell  than  problems  with  many  variables. 

Two  fundamental  approaches  to  this  problem  have  been  suggested.  Each  generates 
one  or  more  simplified  computations  where  some  of  the  symbolic  variables  are  replaced  7 

by  numerical  values.  These  simplified  problems  do  not  suffer  as  much  from  intermediate  jX 
expression  swell  and  may  be  solved  more  easily  than  the  orgineJ  problem.  The  two 
techniques  differ  in  how  they  determine  the  solution  of  the  origined  problem  from  the 
solutions  to  the  simplified  ones.  _ 

The  first  approach,  which  we  call  the  modular  technique,  solves  a  large  number  of  _  ~ 

simplified  problems  but  uses  carefully  chosen  values  for  the  symbolic  variables.  These  \ 

solutions  are  then  interpolated  to  recover  the  variables  eliminated  in  the  simplified  _ 
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problems,  producing  the  final  answer.  In  many  practical  algorithms  the  resulting  in¬ 
termediate  expressions  do  not  involve  any  symbolic  variables  and  there  is  essentially 
no  intermediate  expression  swell.  This  interpolation  technique  was  first  introduced  in 
the  moduliir  GCD  algorithm  of  Brown  (1971). 

The  second  approach,  which  we  call  Newton*s  technique,  uses  the  solution  to  a 
single  simplified  problem  as  a  the  initial  value  for  a  p-adic  solution  derived  by  New¬ 
ton’s  iteration.  (Conversion  of  a  p-adic  solution  to  a  solution  in  the  original  ring  is 
rarely  difficxilt.)  This  is  the  basic  idea  behind  the  polynomial  fzw:toring  algorithm  of 
Wang  zmd  Rothschild  (1975),  the  EZGCD  algorithm  of  Moses  Euid  Yun  (1973)  and  its 
successors  Wang  (1978)  and  most  of  the  polynomial  fiurtoring  algorithm.*?  now  in  use. 
Both  the  modular  technique  and  Newton’s  technique  suffer  when  the  answer  is  sparse 
(has  relatively  few  non- zero  coefficients).  In  this  case  a  great  deal  of  effort  is  expended 
computing  coefficients  that  are  zero. 

Versions  of  both  the  modular  technique  and  Newton’s  technique  whose  time  com¬ 
plexity  is  probabilistic  polynomial  were  first  given  in  Zippel  (1979,  1980).  Applications 
of  these  techniques  to  polynomial  factoring  and  their  anzilysis  and  extension,  have  been 
presented  in  a  number  of  papers  by  von  zur  Gathen  and  Kedtofen:  von  zur  Gathen 
(1983,  1985),  Kaltofen  (1985a,  1985b,  1987)  and  von  zur  Gathen  and  Kaltofen  (1985). 
The  probabilistic  nature  of  these  algorithms  stems  from  an  assumption  about  certain 
polynomials  that  arise  in  the  calculation.  It  is  known  that  the  values  of  these  poly- 
nomizJs  at  certain  points  are  zero.  This  could  happen  either  if  the  polynomials  were 
identically  zero  or  if  the  points  chosen  happened  to  be  zeros  of  the  polynomials.  The 
key  assumption  of  these  algorithms  is  that  the  polynomials  are  identically  zero.  These 
algorithms  can  be  made  deterministic  by  choosing  points  that  cannot  all  be  zeroes  of 
these  polynomials.  We  call  this  the  zero  avoidance  problem. 

Problem.  (Zero  Avoidance  Problem)  Given  some  set  of  parameters  for  a  polynomial 
(number  of  variables,  degree,  number  of  non-zero  terms,  size  of  coefficients,  etc.)  choose 
a  set  of  points  S  such  that  no  polynomial  with  those  parameters  vanishes  at  all  of  the 
points  of  S. 

The  original  sparse  polynomial  algorithms  used  oiJy  the  number  of  variables  (n)  and 
degree  (d)  parameters  in  choosing  the  set  S.  It  is  easy  to  show  that  S  must  contain 
at  least  (d  -|- 1)"  points  (see  proposition  1  in  section  2).  To  prove  that  a  polynomial  is 
zero  using  this  set  of  points  would  require  time  exponential  in  the  number  of  variables. 
Thus  fast  algorithms  that  use  only  these  parameters  are  probabilistic.  The  deterministic 
algorithms  given  here  also  make  use  of  the  number  of  non-zero  terms  (T)  in  choosing 
S.  It  is  the  information  contained  in  this  additional  parameter  that  keeps  the  size  of 
S  small. 

Many  of  the  ideas  used  to  solve  the  zero  avoidance  problem  can  be  used  to  clarify 
and  simplify  certain  steps  in  the  modular  technique.  The  particular  piece  that  we 
discuss  in  this  paper  we  call  the  interpolation  problem.  Rather  than  choosing  points  to 
prove  that  a  polynomial  is  not  identically  zero,  we  go  further  and  actually  determine 
the  polynomial  itself. 
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Problem.  (Interpolation  Problem)  Given  a  set  of  parameters  for  a  polynomial  (num¬ 
ber  of  variables,  degree,  number  of  non-zero  terms,  size  of  coefficients,  etc.)  choose  a 
set  of  points  S  with  the  following  property.  For  any  polynomial  P  with  those  param¬ 
eters,  P  can  be  determined  from  S  and  P(S)  quickly,  i.e.  either  polynomial  time  or 
probabilistic  polynomial  time. 

In  this  paper  we  present  three  solutions  to  the  zero  avoidance  problem,  and  two 
solutions  to  the  interpolation  problem.  Each  is  summarized  in  the  following  two  tables. 


Zero  Avoidance  Problem 

Schwartz 

Zippel 

Ben-Or  Tiwari 

Algorithm  Type 

Probabilistic 

Deterministic 

Deterministic 

Number  of  Evaluations 

1 

nT^ 

T-f  1 

Chance  of  error 

€ 

0 

0 

Size  of  Evaluation  Points 

nT  log  T 

Tlogn 

The  column  labeled  “Schweirtz”  corresponds  to  the  probabilistic  algorithm  pre¬ 
sented  by  J.  Schwartz  (1980),  and  which  is  intrinsic  to  Zippel  (1979).  Since  it  does  not 
taJce  into  consideration  the  momber  of  non-zero  terms  in  the  P,  the  parameter  T  does 
not  appear.  In  the  third  column,  labeled  “Ben-Or  Tiwari,”  we  give  the  recent  results 
of  Ben-Or  and  Tiwari  (1988).  The  second  column,  labeled  “Zippel,”  is  a  new  algorithm 
presented  here.  Though  its  performance  is  inferior  to  that  of  Ben-Or  and  Tiwari  it 
makes  use  of  some  new  techniques  that  may  be  of  use  in  other  problems.  In  particular, 
it  can  be  used  to  solve  a  vaxiamt  of  the  zero  avoidance  problem  for  polynomials  over 
finite  fields. 

For  the  interpolation  problem  a  new  parameter  arises,  t  the  true  number  of  non¬ 
zeroes  terms  in  P.  This  can  be  much  smaller  than  the  a  priori  bound  on  the  number 
of  non-zero  terms  T. 


Interpolation  Problem 

Zippel 

Zippel 

Ben-Or  Tiwari 

Algorithm  Type 

Probabilistic 

Deterministic 

Deterministic 

Degree  Boimds 

Yes 

Yes 

No 

Number  of  Operations 

ndP 

ndt^T 

(log2  T  -f  log  nd) 

Number  of  Evaluations 

ndt 

ndtT 

2T 

Size  of  Evaluation  Points 

T  log  n  log  log  n 

T  log  n  log  log  n 
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The  first  column  of  this  table  characterizes  the  author’s  original  probabilistic  algo¬ 
rithm  updated  to  include  an  idea  of  Ben-Or  and  Tiwari.  The  third  column  corresponds 
to  the  determinsistic  algorithm  due  to  Ben-Or  and  Tiwari  (1988).  It  is  unique  in  that 
it  does  not  require  a  priori  boimds  on  the  degrees  of  the  variables  that  appear  in  the 
result.  Notice  that  the  probabilistic  algorithm  is  significantly  better  than  the  deter¬ 
ministic  one  when  the  botmd  on  the  number  of  terms  is  not  sharp  (T  ^  t).  The  second 
“Zippel”  edgorithm  is  a  new  deterministic  variant  of  the  probabilistic  algorithm  whose 
dependence  on  T  is  not  quite  so  strong  as  Ben-Or  and  Tiwari’s  algorithm.  Thus  it  also 
performs  especially  well  when  T  is  not  a  sharp  bovmd. 


Interpolation  Problem 

Kaltofen- Yagati 

KcJtofen- Yagati 

Algorithm  Type 

Probabilistic 

Deterministic 

Degree  Bounds 

Yes 

Yes 

Number  of  Operations 

ndM(t)  log  t 

ndTM{t)  logf 

Number  of  Evaluations 

ndt 

ndtT 

Size  of  Evaluation  Points 

log'-T 

T  log  n  log  log  n 

Kaltofen  and  Yagati  (1988)  have  suggested  an  improved  technique  for  solving  the 
systems  of  linear  equations  that  arise  in  the  two  interpolation  algorithms  discussed  in 
this  paper.  Their  ideas  improve  the  algorithms  discussed  in  the  paper  to  give  the  per¬ 
formance  figures  given  above.  In  this  table  M(t)  denotes  the  complexity  of  multiplying 
two  univariate  polynomizds  of  degree  t.  This  varieint  of  the  deterministic  algorithm  is 
competitive  with  Ben-Or  and  Tiwari’s  algorithm. 

In  the  conclusions  we  give  some  comments  on  how  these  algorithm  impact  some  of 
the  original  calculations,  such  as  greatest  common  divisor  and  factorization  problems. 

2.  Generalities 

We  let  Z  denote  the  rational  integers  and  Z/(m)  the  integers  modulo  m.  F, 
denotes  the  finite  field  with  q  elements  zmd  F*  its  multiplicative  subgroup. 

Throughout  this  paper  we  assume  polynomials  are  represented  as  a  list  of  mono¬ 
mials  (pairs  of  exponent-vectors  and  coefficients)  and  that  monomials  with  zero  coeffi¬ 
cients  are  omitted.  The  number  of  variables  in  a  polynomizd  is  denoted  by  n.  Thus  the 
exponent  vectors  are  n-tuples.  The  maximum  degree  of  any  variable  in  the  polynomial 
is  denoted  by  d.  The  number  of  non-zero  monomials  of  the  polynomial  P  is  usually 
denoted  by  t  or  terms(P),  for  additional  preciseness.  For  a  dense  polynomial,  one 
where  each  monomial  has  a  non-zero  coefficient,  terms(P)  =  (d  -t-  1)”.  We  generally 
use  capital  letters  to  denote  a  priori  bounds,  and  lower  case  letters  for  the  actual  value. 
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Thus  T  would  be  used  to  designate  a  bound  on  the  number  of  terms  in  P,  while  t 
denotes  the  actual  number  of  non-zero  terms  present  in  P. 

To  minimize  the  number  of  subscripts  in  formulae  we  use  a  variant  of  Laurent 
Schwartz’s  notation.  Let  X  =  (Xi,X2, . .  •  and  ?=  (ci,  62, . .  • ,  e„)  be  two  vectors. 
Then  we  write  the  usual  (inner)  dot  product  as 

t  '  X  =  61X1  -1-  e2-X^2  +  •  •  •  +  Cn-^n- 


We  also  extend  this  notation  to  exponentiation  as  follows 

X‘  =  (X‘\X‘\...,X^’')  and  X‘  =  X^^ X^^  ■  ■  ■  X^’' . 


Thus  the  multivariate  polynomial 


-I-  C2Xt^^X^ 


ejj 


+  ctX^‘^X^‘^---X‘‘- 


would  be  written 

CiX‘^  +C2X‘^  +  -‘-+CtX‘'‘. 

We  always  use  the  vector  accent  when  using  this  notation. 

When  evaluating  algorithms  involving  polynomials,  we  need  to  measure  the  size 
of  a  polynomial.  In  this  paper  we  have  chosen  to  use  the  number  of  non-zero  terms. 
Thus  an  upper  boimd  on  the  size  of  a  polynomial  of  n  variables,  each  of  degree  d,  is 
(d  +  1)".  The  number  of  non-zero  terms,  however,  is  often  much  smaller.  Notice  that 
when  establishing  that  a  polynomial  P  of  size  0{T)  is  identically  zero,  we  already  know 
that  P  cannot  have  more  than  0(T)  non-zero  coefficients,  though  we  know  little  about 
the  exponents. 

An  alternative  mesisure  of  the  size  of  a  polynomial  P  is  the  size  of  a  straight  line 
program  to  compute  P.  This  measure  was  advanced  by  Kaltofen  (1987).  The  class  of 
straight  line  programs  of  size  0{T)  contains  almost  all  polynomials  with  0{T)  non-zero 
terms  and  many  more.  It  would  be  interesting  to  know  if  it  is  possible  to  extend  the 
results  presented  here  to  this  wider  class  of  polynomieds. 

To  prove  that  a  polynomial  is  zero  by  considering  its  value  at  a  number  of  points 
requires  some  bound  on  the  information  content  of  the  polynomial.  We  begin  with  a 
proposition  that  establishes  a  lower  bound  for  our  results. 

Proposition  1.  Let  S  =  {dj}  be  a  set  ofT  —  1  n-tuples.  There  exists  a  polynomial 
with  rational  integer  coefGcients,  not  identically  zero,  that  contains  no  more  than  T 
non-zero  monomials  and  that  vanishes  at  every  point  in  S. 


Proof:  Choose  a  polynomizd  with  T  monomials: 

PiX)  =  -b  C2X'*  -H  •  •  •  -h  ctX^^  , 
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whose  coefficients  (ci)  will  be  determined  later  from  S.  For  P  to  vanish  at  Ci,  an 
element  of  S,  the  Cj  must  satisfy  the  following  linear  equation: 

cioj'  +  C2a^*  H - 1-  CTO^^  =  0. 

Since  these  equations  are  homogenous  and  there  are  more  undetermined  variables  than 
linear  constraints,  there  is  a  non-trivizd  solution  to  this  system  of  equations.  [] 

Assume  we  wish  to  prove  that  a  polynomizd  is  zero  using  only  its  value  at  points 
that  we  are  free  to  specify.  Proposition  1  demonstrates  that  showing  the  polynomial 
is  zero  at  T  points  only  shows  that  that  the  polynomial  is  either  identically  zero  or 
has  more  than  T  non-zero  terms.  Thus  if  all  that  is  known  about  a  polynomial  is  the 
nmnber  of  variables,  n  and  degree  bounds  on  those  variables,  d,  we  will  need  {d  +  1)" 
evaluations  to  prove  that  the  polynomial  is  non-zero.  This  means  that  there  is  no 
deterministic  algorithm  that  proves  a  polynomial  is  zero  from  its  values,  and  degree 
bounds.  Additional  information  is  also  needed. 

For  univariate  polynomials  over  the  reals,  we  can  show  that  by  choosing  the  points 
carefully,  any  polynomial  with  no  more  than  T  terms  that  vanishes  at  T  points  is 
identically  zero. 

Proposition  2.  Let  P(x)  be  a  univariate  polynomial  with  coefficients  in  Z.  The 
number  of  positive  real  zeroes  of  P(x)  is  less  than  or  equal  to  terms(P)  —  1. 

Proposition  2  follows  immediately  from  Descartes’  rule  of  signs  since  the  maximum 
number  of  sign  changes  in  the  coefficients  of  P(x)  is  terms(P)  —  1.  (For  instance,  Polya 
and  Szego  (1976)  Part  V,  Chapter  1,  problem  36.)  The  following  corollary  is  merely  a 
restatement  of  the  proposition. 

Corollary.  A  univariate  polynomial  that  vanishes  at  the  integers  1,2, ...  ,T  is  either 
identically  zero  or  has  more  than  T  non-zero  coefficients. 

Using  some  new  techniques  we  show  that  0{nT^)  suffices  where  n  is  the  number 
of  variables  in  P  in  section  5.  This  is  acomplished  by  finding  a  specialization  of  P  to 
one  variable  that  does  not  increase  the  number  of  non-zero  terms  emd  then  applying 
Proposition  2.  The  previous  best  results  were  that  (d-1-1)"  +  1  sufficed,  which  is  optimal 
for  dense  polynomials,  but  can  be  exponentially  bad  for  sparse  polynomials.  In  section 
6  we  give  Ben  Or  and  Tiwari’s  result  that  T  suffices.  In  light  of  propositon  1  this  is 
the  best  possible. 

In  the  following  subsections  we  prove  some  of  the  basic  results  needed  in  the  sequel. 
Section  2.1  gives  a  simple  result  on  the  growth  of  primes.  Section  2.2  gives  a  number 
of  results  on  Vandermonde  matrices  that  are  needed  later. 

2.1  Results  from  Number  Theory 

We  occasionally  use  the  notation  pi  to  indicate  the  ith  prime.  It  is  is  also  used  to 
represent  the  ith  element  of  the  vector  p.  Our  intent  should  be  clear  from  the  context. 
In  this  section  we  develop  a  crude  estimate  for  the  size  of  the  product  of  the  first  N 
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primes.  Rosser  zind  Schoenfeld  (1962)  have  shown  that  the  iVth  prime  is  bracketed  by 
the  following  inequaltities 


N  (log(NlogN)-^\  <pn<N  (log(JVlogJV)-l 

where  the  first  inequality  holds  for  N  >2  and  the  second  when  iV  >  20. 
For  our  work  we  can  use  the  much  cruder  estimate  of 


PN<(N  +  iy^\ 


for  some  small  constant  e.  This  easily  follows  from  the  result  above  and  a  small  amount 
of  computation  for  the  the  small  values  of  N. 

By  applying  Sterling’s  formula 

log(iV  +  l)-(iV  +  l)  + 

to  the  product  of  the  first  N  primes  we  have 
log(piP2  •  •  -Pn)  =  log(iV  + 

i) 

This  proves  the  following  proposition 
Proposition  3.  There  exists  a  coastant  ci  sudi  that 


\og(N  +  2)-(N  +  2)  +  l  log  27r  +  0(./V-' ) 

£t 


ilog2x  +  0(iiV|-') 


log  (.PiPi'-ps)  <  Cl  N  log  N. 


2.2  Vandermonde  Matrices 

Many  of  the  algorithms  developed  in  this  paper  depend  upon  known  results  about 
Vandermonde  matrices.  For  completeness  these  results  are  derived  and  included  in  the 
following  paragraphs.  A  Vandermonde  matrix  is  a  matrix  of  the  form 


Vn  = 


where  the  A:,-  are  chosen  from  some  field.  Similairly,  a  system  of  linear  equations  of  the 
form 

Xi  +  kiX2  +  k^Xj  +  •  •  •  +  k^-^Xn  =  wi 


/I 

ki 

kl 

1 

k2 

kl 

•••  kr^ 

\l 

kn 

kl 

•••  kr^} 

Xi  +  ^2^2  4*  k^Xz  +  •  •  •  4-  fcj  ^  Xfx  =  iU2 


Xi  +  k^X2  4-  klX2  4-  •  •  •  +  fcr =  u;„ 
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will  be  cEdled  a  Vandermonde  system  of  equations. 

A  matrix  where  the  degrees  of  eaxii  row  rise  montonicaJly,  but  not  necessarily 
linearly,  is  called  a  generalized  Vandermonde  matrix,  viz, 


/‘r 

ki>  ... 

*5' 

kp 

... 

l.«n 

... 

We  will  often  use  generalized  Vandermonde  matrices  where  ei  =  0. 

The  determinant  of  a  Vandermonde  matrix  may  be  computed  using  the  following 
device.  Multiplying  the  ith  colunm  by  ki  and  subtra.ct  it  from  the  i  +  1st  column  we 
get, 


/I  0 

0 

•  •  • 

1  k2  —  ki 

k^  -  kik2 

. . . 

-  k^-Hi 

det  V„  = 

;  ; 

\  1  kn-  ki 

k”  —  kikn 

Expanding  by  Cramer’ 

s  rule  across 

the  first  row 

and 

factoring  out  ki  — 

row  we  have 

det  Vn  = 

n 

)det 

K.-1. 

l<i<n 

Thus  we  have: 

Proposition  4.  The  determinant  of  the  Vandermonde  matrix  is 


detV„=  Yl  (kj-ki). 


As  an  immediate  consequence  we  see  that  the  determinant  of  a  Vandermonde  matrix 
is  non-zero  if  and  only  if  the  ki  are  distinct. 

A  similar  result  is  true  for  generalized  Vandermonde  matrices  over  the  reals,  but 
the  proof  is  a  little  trickier.  Notice  that  while  proposition  4  applied  to  Vandermonde 
matrices  over  any  field,  the  following  proposition  (due  to  Tiwari)  is  only  vadid  over  the 
reals,  which  has  characteristic  zero.  We  know  of  no  similar  result  for  fields  of  positive 
characteristic. 

Proposition  5.  (Tiwari)  The  determinant  of  a  generalized  Vandermonde  matrix  is 
non-zero  if  the  ki  are  distinct  positive  real  numbers. 

Proof:  We  will  show  the  matrix  is  non-singular  by  induction.  A  Vandermonde  matrix 
of  order  1  is  obviously  non-singular  since  we  only  allow  positive  entries.  Though  we 
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do  not  need  the  order  2  case  for  the  proof,  it  is  still  worth  exannining.  for  an  order  2 
Vandermonde  matrix, 

^  ^  —  it*  — 

Thus  the  matrix  is  singulair  if  ki/k^  is  an  cth  root  of  unity.  This  is  not  possible  if  the 
ki  axe  distinct  and  positive. 

In  the  general  case  we  consider  a  matrix  of  the  form 


/I 

kT 

kV 

1 

k? 

•••  ki- 

\l 

kt,^ 

••• 

•  •  n-/ 

Replace  k^  by  the  indeterminate  Z  and  consider  the  number  of  zeroes  of  the  polynomial 


/I 

1 

k? 

Jt*"  •  •  • 

det 

; 

; 

—  CLl  —  02^**  "b  <23^**  —  • 

Vi 

... 

Each  coefficients  (a,-)  is  a  minor  of  the  original  matrix  and  is  itself  a  generalized  Van¬ 
dermonde  matrix  of  order  n  - 1.  If  fcj*  ^3>  •  •  • ,  are  distinct  positive  numbers  then  the 
minors  are  non-zero  by  induction.  The  polynomial  in  Z  can  only  have  n  —  I  positive 
zeroes  by  propositon  2.  But  certainly  each  of  ^3.  •  •  • ,  is  a  zero  of  the  polynomial. 
Thus  there  are  no  other  positive  real  zeroes.  Q 

The  inverse  of  a  Vemdermonde  matrix  can  be  computed  by  the  following  technique. 
Multiply  a  Vandermonde  matrix  by  a  general  n  by  n  matrix: 


/I 

kl 

...  kr\ 

/On 

012 

Oi3 

•••  ain\ 

1 

k2 

kl 

... 

• 

021 

O22 

<*23 

•  *  •  <*2n 

\i 

kn 

kl 

... 

\anl 

OnZ 

OnS 

<*nn  r 

The  jth  element  of  the  top  row  of  the  product  of  these  two  matrices  is 
ai>  +  a2}k\  +  azjkj  +  ■  •  ■  +  =  Pjik^ ). 


In  fact  the  product  above  is 

/Pi(Ai)  P^(k^) 

PlW  P2{k2) 
\Piikn)  P2{kn) 


Pn{k,)\ 

Pn{k2) 

Pn{kn)) 
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we  see  that  the  product  matrix  is  the  identity,  and  thus  the  coefficients  of  the  Pj  are 
the  columns  of  the  inverse  of  the  Vandermonde  matrix.  Each  of  the  Pj{Z)  can  be 
computed  in  0{n)  operations  from  a  master  polynomial,  which  itself  can  be  computed 
in  0(n)  operations.  Thus  the  Vandermonde  matrix  can  be  inverted  in  O(n^)  time. 

Assrime  we  wish  to  solve  a  Vandermonde  system  of  equations  like  the  following; 

Xi  +  hXi  +  kjXz  +  .  •  •  +  k'^-^Xn  =  ti^i 
.^1  +  ^2-^2  +  k\Xz  +  •  •  •  +  ^2  ^  Xn  —  U>2 


X\  +  knX^  +  k^Xz  +  •  *  •  +  ^  Xn  — 

If  recognized  as  a  Vandermonde  system,  these  equations  need  only  consume  0(n)  space. 
They  cam  be  solved  using  0(n)  space  by  the  following  device. 

Define 

p(z)=  n  (z-k,). 

l<i<n 

This  polynomial  contains  n  +  1  terms.  The  coefficient  of  Z"  is  always  1.  The  poly¬ 
nomials  P{Z)I{Z  —  kj)  can  be  computed  by  synthetic  division.  It  is  the  numerator  of 
Pj(Z).  The  value  of  P{Z)/{Z  —  kj)  at  kj  is  the  denominator  of  Pj(Z).  Thus  each  of 
the  Pj{Z)  can  be  computed  using  0(n)  space  amd  time.  The  computation  of  the  -Y,  is 
arramged  as  follows. 

/^i\  /  lui  •  coef(Pi,Z®)  \  /  u;„  •coef(P„,Z°)  \ 

\Xn)  (^1 .  ) /  V u;„  •  coef (P„,  Z"-i )  y 

After  eaich  colunm  vector  on  the  right  hand  side  is  computed,  it  is  added  to  the  accu¬ 
mulating  Xi  amd  its  storage  may  be  reused  by  the  following  column  vector. 

This  approach  cam  also  be  applied  to  transposed  Vandermonde  systems  like  fol¬ 
lowing 

Xi  -|-  X2  +  X3  -f  •  •  •  -b  Xn  =  1^1 
kiXi  -|-  ^2X3  -b  kzXz  -b  •  •  •  -b  knXn  =  W2 


k^-^Xi  -I-  k^-^X2  +  kp^Xz  -b  •  •  •  -b  k"-^X„  =  W2 
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since  the  inverse  of  the  transpose  of  a  matrix  is  the  transpose  of  the  inverse,  we  have 
the  following  formula  for  each  of  the  Xi 

Xi  =  wi  ■  coef(Pi, +  W2  •  coef(Pi, H - +  '  coef(Pi, 

We  state  these  results  as  the  following  proposition. 

Proposition  6.  The  Vandermonde  system  (1)  and  the  transposed  Vandermonde  sys¬ 
tem  (2)  over  the  held  F  can  be  solved  in  O(n^)  operations  over  F.  Furthermore,  the 
space  required  is  that  of  0(n)  elements  of  F.  If  F  =  (^  and  K  =  mzix  \  ki\  then  the 
largest  number  used  will  require  0(n  log  K)  bits  and  in  total  0(n^  log  K)  bits  of  storage 
will  be  required. 

3.  Dense  Interpolation 

The  general  problem  we  consider  in  this  paper  is  computing  a  polynomial  from 
its  values  at  certain  points,  whose  choice  may  be  part  of  some  higher  level  algorithm. 
These  polynomials  may  be  multivariate  and  their  coefficients  generally  lie  in  the  rational 
integers,  though  occ2ision2illy  they  lie  in  a  finite  field.  Many  of  these  results  can  be 
extended  to  more  complex  fields,  but  we  do  not  do  this  here.  In  this  section  we  assume 
we  axe  given  the  number  of  variables  in  the  polynomied  as  well  as  degree  bounds,  but 
no  additional  assumptions  are  made.  In  particular,  we  know  nothing  about  the  number 
of  non-zero  terms  in  the  polynomial. 

3.1  Univariate  Dense  Interpolation 

The  simplest  form  of  this  problem  consists  of  determining  a  univariate  polynomial 
from  its  values  at  selected  points.  The  straightforward  approach  works  surprisingly 
well.  Let 

P(Z)  =  po  +  +  • '  ■  +  ^ +Pn2” 

be  the  polynomial  to  be  determined.  Assume  the  coefficients  axe  over  a  field  F,  and 
let  zo,...,Zn  be  the  set  of  distinct  evaluation  points.  FVom  the  vEilues  of  P(zi)  =  Wq 
we  get  the  following  system  of  linear  equations  in  the  unknown  pj. 

Po  d-pi^o  +P2^o  *1 - +Pn^o  = 

Po  +  Pl^l  +  P2-?1  H - +  Pn-^r  = 


Po  +  Pl^n  +  P2zl  +  •  •  •  +  PnZn  = 

This  is  a  Vandermonde  system.  Since  the  z,-  are  distinct,  the  system  is  non-singulax 
amd  its  solution  can  be  determined  quickly.  Let 


QAZ) 


Z  —  Zi 

Zj  Zi 
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As  noted  before  each  Qj  ceui  be  determined  from  a  mzister  polynomial  Q(Z).  So  P  is 


m)=  E 

0<j<n 


-  E 

0<j<n 


Wj 


This  is  the  Lagrange  interpolation  formula. 

3.2  Multivariate  Dense  Interpolation 

As  pointed  out  in  the  previous  section,  a  polynomial  in  one  variable  of  degree  d 
can  be  determined  from  its  values  at  d  +  1  points  using  0{<P)  arithmetic  operations. 
This  result  can  be  extended  to  multivariate  problems. 

Let  P{X)  be  the  polynomial  to  be  determined.  It  is  a  polynomial  in  n  variables, 
Xi, . . .  ,Xn,  whose  coeflBcients  lie  in  an  integral  domain  R.  Each  Xi  appears  to  degree 
no  more  than  di  in  P.  Let  £  =  (dj  +  l)(d2  +  !)•••,  the  maximum  number  of  terms  in 
P.  Writing  P  as  a  sum  of  monomials  using  the  vector  notation  we  have 

P{X)  =  CiX^^  +  +  •  •  •  +  ctX^^, 


where  the  nm  through  eeich  possible  exponent  combination.  Choosing  i  remdom 
n-tuples  Xi  and  computing  the  values  of  P(xi)  gives  a  system  of  £  lineeir  equations. 
In  general,  this  requires  0(i^)  operations  to  solve,  and  perhaps  more  importmt  0{£'^) 
space. 

There  remains  the  question  of  solvability  of  the  system  of  equations.  Let  M  be 
an  n  X  n  matrix  over  a  field  F,  M  will  be  singular  if  and  only  if  det  M  =  0.  Thus 
the  singular  matrices  form  an  algebraic  set  of  codimension  1  in  the  space  of  all  n  x  n 
matrices.  Thus  the  probability  that  the  system  of  equations  is  singular  is  about  1/#(F). 
For  probabilistic  algorithms  this  suffices.  For  deterministic  algorithms  more  analysis  is 
required.  This  is  done  in  later  sections  by  choosing  the  evaluation  points  carefully. 

Several  techniques  can  be  used  to  bring  the  time  requirements  down  to  0(£^). 
In  particular  a  rectirsive  technique  was  used  by  Brown  (1971)  in  the  modular  GCD 
algorithm.  In  this  paper  we  use  another  approach  that  leads  more  naturally  to  the 
techniques  for  dealing  with  sparse  polynomials. 

Choose  a  random  n-tuple  p.  This  is  the  initial  evaluation  point.  Denote  the  values 
of  the  monomials  by  m,-.  Additional  evaluation  points  are  obtained  by  raising  p 
to  successive  powers  (starting  with  0).  Notice  that  {pY’  =  mj.  Thus  we  have  the 
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following  system  of  equations  to  solve. 


ci+C2-i - \-ce  =  P(p®) 

c\mi+ €21712 - 1-  cirrii  =  P{p) 

ciml  +  C2ml - h  ctmj  =  P{^) 


cim\  +  C2m\  ^  H - h  ctm\  ^  =  P(^ 

This  is  the  transpose  of  a  Vandermonde  system.  As  discussed  in  section  2.2,  this  system 
can  be  solved  in  0{f^)  time  and  0{i)  space. 

The  key  issue  in  this  approach  is  guaranteeing  that  the  mi  are  distinct  so  that  the 
Vandermonde  system  will  be  non-singular.  If  the  co^cient  domain,  R,  is  a  unique 
factorization  domain  we  can  do  this  easily.  For  instance,  assume  R  is  the  rational 
integers.  We  choose  the  components  of  p  to  be  distinct  primes,  viz.,  p  =  (2, 3, 5, . . .). 
By  vmique  factorization  each  of  the  mi  will  be  distinct. 

If  the  coefficient  domain  is  a  finite  field  F,,  then  the  problem  can  be  more  difficult. 
The  finite  field  must  be  contain  at  least  £  elements  for  the  Vandermonde  system  to  be 
non-singular.  For  the  dense  interpolation  technique  being  discussed,  the  maximum 
value  of  ^  is  (d  -|- 1)".  When  q  <  (d  -f-  1)**  the  modular  interpolation  technique  can 
still  be  used  but  elements  should  be  chosen  from  an  algebraic  extension  of  F,  that  has 
more  than  (d  +  1)"  elements.  In  general,  we  can  solve  the  system  of  equations  using 
conventional  (0(£^))  techniques. 

If  the  characteristic  of  F,  is  siofficiently  large,  we  can  do  better.  Choose  the  com¬ 
ponents  of  p  to  be  the  rational  primes,  (2,3,5, . . .).  If  eewdi  of  the  m,,  when  computed 
in  Z,  is  less  them  the  ch2ir2icteristic  of  F,  then  they  will  be  distinct  as  elements  of  F,. 
For  this  to  be  the  case  the  characteristic  must  be  greater  than 


by  proposition  3. 

In  the  following  paragraphs  we  analyze  the  hard  case:  We  eissume  that  q  is  greater 
than  (d  -I- 1)”,  but  that  the  characteristic  of  F,  is  less  them  The  actual  analysis 

is  staightforward  but  somewhat  lengthy.  We  consider  the  following  somewhat  more 
general  question  since  its  solution  will  be  of  use  analyzing  the  speirse  algorithms.  Let 
{cj}  be  a  set  of  T  n-tuples  where  each  component  is  boxmded  by  d.  (In  the  current 
case  T  =  (d+  1)”.)  What  is  the  probability  that  for  a  rEUidomly  chosen  x  €  F”  there 
is  an  Cj  and  ej  such  that  =  x^f? 

We  begin  with  sm  enumeration  proposition. 

Proposition  7.  Let  a  be  a  6xed  n-tuple  where  each  component  is  an  element  of  Z/(m), 
c  be  the  common  GCD  of  the  Oi  and  m.  Let  x  be  an  n-tuple  whose  components  range 
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over  Zm-  Then  a  •  x  takes  on  m/c  distinct  values.  These  values  divide  the  different  x 
into  mic  classes  each  containing  cm'*~^  different  x. 


Proof:  First  we  reduce  to  the  case  where  c  =  1.  Since  a  •  i  is  a  multiple  of  c  for  every 
X,  a  ■  X  can  tzike  on  no  more  than  m/c  values,  i.e.  0,  c,  2c,  —  Let  ac  be  one  of  these 
values.  Each  solution  of  _  _ 


a  •  X 
c 


a  (mod  m/c) 


(3) 


gives  rise  to  c”  solutions  of  a  •  x  =  ca  (mod  m).  Thus  if  we  can  show  that  (3)  has 
(m/c)"“^  solutions,  we  are  finished.  The  rest  of  the  proof  proceeds  via  a  slightly 
complicated  induction. 

Consider  the  one  dimensional  case,  ax  =  b  (mod  m).  Since  a  and  m  are  relatively 
prime,  there  is  exaw:tly  one  value  of  x  that  satisfies  the  relation  for  every  value  of  6,  as 
required  by  the  proposition. 

Now  assume  the  proposition  is  true  for  all  vectors  a  of  dimension  less  than  n.  Let 
a  be  an  arbitrary  element  of  Z/(m).  We  want  to  show  that  a  -  x  =  a  (mod  m)  has 
m"~^  zeroes.  Without  loss  of  generality  we  can  assume  that  oi  is  not  zero.  If  ai  and  m 
are  relatively  prime  then  for  every  choice  of  oj, . . . ,  there  is  a  unique  ci  that  satisfies 
the  relation.  Thus  there  are  m”"^  zeroes  of  the  relation  as  desired. 

Assume  that  ai  and  m  have  a  GCD  of  g.  The  relation  has  no  zeroes  if  g  does  not 
divide  02X2  H - o.nXn  —  Thus  we  consider  the  number  of  zeroes  of 

02*2  H - <*n*n  =  ot  (mod  g). 


Notice  that  02,..., a„  cannot  have  a  GCD  dividing  g.  Thus  this  equation  has  5"“^ 
zeroes  modulo  g.  Each  is  the  image  of  (m/^)**"^  elements  modulo  m.  Thus  there  are 
m^~^/g  choices  of  02,..., a„.  Each  one  will  give  rise  to  g  choices  for  xi  giving  the 
desired  result.  Q 

Corollary.  Let  a,  m  and  c  be  as  in  the  previous  proposition.  Then  there  are  cm^~^ 
distinct  solutions  to  a  -  x  =  0  (mod  m). 


Proof:  0  is  always  one  of  the  values  of  a  •  x  since  x's  components  could  be  all  zeroes. 

□ 

This  result  can  now  be  used  to  answer  the  question  raised  above. 

Proposition  8.  Let  ei,.. .  ,eT  be  n-f  upies  where  each  component  is  less  than  d.  There 
exists  no  more  than 

d-r.(r-l)-(g-l)”-^ 

2 

n-tuples  X  with  components  in  Fq  such  that  for  some  i  and  j  X‘'  and  X^>  have  the 
same  values.  Equivalently,  for  at  least 
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n-tuples  X,  X^'  tedces  on  distinct  values. 

Proof:  Let  g  he  a  generator  of  the  multiplicative  group  F*.  Then  for  each  n- tuple  A' 
we  can  assign  another  n- tuple  a  such  that  Xi  =  g^',  assuming  no  Xi  is  zero.  The 
are  elements  of  Z/{q  —  1).  Two  monomials  A’**  emd  have  the  same  value  when 


=  g^-^i  x^i 


That  is,  when  a  •  (e,-  —  ej)  =  0  (mod  q  —  1).  By  the  previous  corollary  there  are 
c(q  —  1)"”^  such  zeroes,  where  c  is  the  GCD  of  the  elements  of  Ci  —  ej  and  q  —  l.  Since 
c  <  d  there  axe  at  most  d{q  —  1)'*“^  tuples  x  that  cause  these  two  terms  to  take  on  the 
same  value. 

There  axe  T{T  —  l)/2  distinct  pairs  of  e,-,  so  the  maximum  number  of  x  that  cause 
a  pair  of  to  take  on  the  same  value  is 


d-T -{T -l)-(q-iy~^ 
2 


□ 

Since  there  axe  only  (q  —  1)”  ^  possible  x  (ignoring  those  with  a  zero  component), 
we  have  the  following  corollary. 

Corollary.  The  probability  that  a  randomly  chosen  x  will  cause  two  of  the  x*'  to  have 
the  same  value  is 

d-T-(T-l) 

2(9-1)  • 

If  we  wish  the  probability  of  a  collision  to  be  less  thjui  c,  then  for  dense  polynomials 
this  mezms  that 

(d+l)2’'+» 

— s — • 

This  is  actually  quite  impractical  for  polynomials  with  large  ntimbers  of  variables  and 
high  degree.  Fortunately,  many  problems  are  sparse,  i.e.  T  (d  +  1)*',  which  gives 
much  better  results.  This  is  the  topic  of  the  next  section. 

4.  Sparse  Interpolation 

The  purpose  of  this  section  is  to  develop  Zippel’s  sparse  interpolation  algorithm, 
which  gives  a  probabilistic  resolution  of  the  interpolation  problem.  What  is  presented 
is  an  improvement  of  the  author’s  orginal  results  based  on  some  of  the  ideas  first 
suggested  by  Ben-Or  and  TiwEui,  This  algorithm  is  given  no  information  about  the 
number  of  non-zero  terms  in  the  polynomial  being  interpolated.  Instead  it  develops  an 
estimate  of  the  number  of  terms  as  each  new  variable  is  introduced.  As  a  consequence 
its  performance  depends  upon  the  actual  number  of  non-zero  terms  in  the  polynomial 
rather  than  £in  a  priori  bound.  This  probabilistic  eilgorithm  tends  to  be  more  useful 
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in  practical  situations  than  the  deterministic  algorithms  presented  in  the  following 
sections. 

This  section  has  been  divided  into  three  subsections.  In  the  first  we  give  a  demon¬ 
stration  of  the  algorithm  and  its  benefits.  In  the  subsequent  subsections  we  give  a  more 
formal  presentation  of  its  details,  and  analyze  the  algorithm’s  performance. 

4.1  Heuristic  Presentation 

As  before  we  wish  to  determine  the  polynomial  P{X)  6  U[X]  from  its  values, 
where  C/  is  a  field  with  sufficiently  many  distinct  elements.  We  assume  that  di  bounds 
the  degree  of  Xi  in  P.  The  sparse  interpolation  algorithm  computes  P  one  variable  at 
a  time.  That  is,  we  initially  compute  P(ai,  02, . . . ,  Un),  then  P{Xi,a2, ,  a„),  then 
P{Xi,X2,a3, . . .  ,a„)  and  so  on,  until  we  have  determined  P(X).  The  introduction  of 
each  new  variable  is  called  a  stage  of  the  algorithm.  We  use  clues  from  the  polynomial 
produced  in  the  preceding  stage  to  minimize  the  effort  required  to  produce  the  next 
polynomial  in  the  sequence. 

The  description  of  the  sparse  interpolation  algorithm  becomes  rather  involved  and 
it  is  easy  to  get  bogged  down  by  all  the  subscripts  and  variables  involved,  but  it  is 
fundamentally  quite  simple.  In  this  section  we  give  an  explicit  example. 

Assume  we  wish  to  interpolate  a  polynomial  in  three  variables,  P{X,Y,Z)  over 
a  field,  where  the  degree  of  each  variable  is  not  greater  than  5.  If  the  polynomial 
were  dense,  there  would  125  different  coefficients  that  would  need  to  be  determined. 
We  assume  that  most  of  these  coefficients  are  zero  and  that  P  only  possesses  a  few 
non-zero  monomials.  By  using  one  of  the  dense  interpolation  schemes  of  section  3, 
we  can  compute  P(X, yo,  ^o)  from  P(xo,  Vo* ^o),  Vo,  -^o),  •  •  • ,  P{Xi,yo,ZQ).  Assume 
this  yields 

P{X,  yofZo)  =  cqX^  +  cjX  -f-  C2. 

This  is  the  end  of  the  first  stage. 

Beginning  stage  two,  we  know  that  P(X,  Y,  Z)  can  be  written  as 

p(x,  y,  z)  =  P5(y,  z)x^  -b  P4(y,  z)x*  -b  •  •  •  +  Po(y,  z). 

From  the  first  interpolation  we  know  that  Pi{X,yo,zo)  =  co,  Pi(-X’, yo, ro)  =  ci, 
Po{X,  yQ,zo)  =  C2  and  that 

P4(yo,^o)  =  P3{yo,zo)  =  P2{yo,zo)  =  0. 

The  key  step  in  the  sparse  interpolation  algorithm  is  to  Msume  that  this  is  true  for  all 
values  of  Y  and  Z.  That  is,  that 

P4(y,  z)  =  P3(y,  z)  =  P2{y,  z)  =  o. 

In  typical  calculations,  where  yo  and  zq  are  chosen  at  random  from  a  leirge  set  of 
possibilities,  this  is  a  good  Msumption.  Proposition  9  below  gives  a  precise  measure  of 
how  good  an  assumption  this  is. 
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We  now  choose  a  new  value  for  Y,  yi,  and  compute  P{X,yi,zo).  Without  the 
assumption  of  the  previous  paragraph,  this  interpolation  would  require  6  additional 
values  of  P.  Instead  we  assume  that  P(X,yi,Zo)  contains  only  3  non-zero  terms,  i.e., 


P{X,yi,ZQ)  =  csX^  -F  C4X  -f  C5, 


where  the  C3,  C4  and  C5  axe  to  be  determined.  Since  there  are  only  three  unknowns  to 
be  determined  only  three  new  values  of  P  are  required. 

This  process  is  repeated  until  we  have  six  polynomials. 

cqX^  +  c\X  -I-  C2  =  P{X,yo,  zq) 

C3X®  +  C4X  +  Ci=  P{X,  yi ,  2o ) 


ClsX^  -|-  Ci^X  -f-  Ci7  =  P(X,  ys,  Zq) 


By  the  dense  interpolation  algorithm  of  section  3,  the  coefficients  of  the  X^  terms  can 
be  interpolated  to  produce  a  polynomial  in  Y,  and  similarly  for  the  linear  and  constant 
terms.  Combining  these  results  we  have  P{X,Y,zo).  Notice  that  we  have  only  needed 
6-1-3-I-3-1-3-I-3-I-3  values  of  P  to  compute  this  polynomial.  The  dense  interpolation 
scheme  would  have  required  almost  twice  as  many  evaluation  points. 

Beginning  the  third  stage,  let  us  assume  this  gives  the  polynomial 

P(X,  K,  ro)  =  kiX^  +  {hY^  +  hY)X  +  k^Y^ 

=  ibi X®  -H  kiXY^  -1-  kzXY  +  k4Y^, 

where  the  fcj  are  elements  of  the  groimd  field.  We  are  now  in  a  position  to  begin  the 
process  again,  but  this  time  introducing  the  variable  Z.  To  do  this  we  need  to  calculate 
the  polynomials  P{X,Y,zo),P{X,Y,zi),. . .  ,P{X,Y,Zi).  We  assume  that  those  XY- 
monomials  that  did  not  arise  in  P{XfY,Z(j)  have  coefficients  of  zero  in  P{X,  Y,Z). 
Thus  to  compute 

P{X,  y,  )  =  k^X^  -h  keXY*  +  krXY  +  k^Y^ 

we  only  need  interpolate  four  values  of  P.  Thus  the  additional  5  polynomials  only 
required  5  x  4  =  20  evaluation  points.  Without  the  sparsity  assumptions  each  of  the  5 
polynomial  would  have  required  36  evaluation  points,  emd  180  in  all. 

4.2  Formal  Presentation 

To  fix  our  notation,  assume  we  want  to  use  the  speirse  interpolation  algorithm  to 
determine  a  polynomial  P(Xi,. .  .,Xn)  €  F[X]  where  we  know  that  each  X,  does  not 
appear  to  degree  higher  than  d  and  that  there  are  no  more  them  T  non-zero  monomials 
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in  P.  Furthermore,  we  assume  that  we  can  compute  the  value  of  P  given  a  value  for 
X.  It  is  convenient  to  consider  just  one  stage  of  the  interpolation.  The  computation  of 
P{X)  being  just  a  sequence  of  n  stages. 

Now  aisstime  that  we  have  performed  the  first  k  —  I  stages  of  the  sparse  mod¬ 
ular  algorithm  zmd  we  are  about  to  begin  the  kth  stage.  From  the  previous  stage’s 
computation  we  have 

P(Xi,  .  .  .  ^Xk-l,XkQ,  ■  .  .  ,  Xno)  =  +  •  •  '  +  pToX^'^ . 

The  set  of  exponents  of  P{Xi,. . . ,  Xk-i^xto,  • . . ,  x^o)  is  called  the  skeleton  of  P,  which 
we  denote  by  skelP.  Since  there  are  no  more  than  T  non-zero  monomials  in  P,  the 
skeleton  of  P  can  never  have  more  than  T  elements. 

Throughout  this  stage,  the  values  of  assigned  to  Xk+i,  -  ■  •  ,Xn  will  not  vary.  To 
simplify  the  notation,  we  will  omit  them.^  We  write 

■P'(yo,  •  •  • ,  yt)  =  P(yi,-  •  • ,  yt,  a^it+i.o, . . . ,  x„o). 

The  computation  of  P(.X^i, . . .  ,Xk-i,Xk)  proceeds  in  two  phases.  In  the  first  we 
determine 


P\Xi, . . . , Xk-t ,  xkj)  =  -h  P2>X‘*  -f  •  • .  -h  pTiX‘^ , 

for  ;  =  0, . . . ,  d  by  the  following  technique: 

For  each  of  d  -f  1  randomly  chosen  values  of  Xk,  Xkj  perform  the  following.  Pick 
a  random  k  —  1-tuple  denoted  by  (j/i , . . . , pk-i)  —  y,  such  that  each  of  are  distinct. 
Since  the  Cj  are  known,  verifying  that  this  is  the  case  is  easy.  Actuzdly  finding  y  is 
dicussed  in  the  analysis  of  the  next  subsection.  This  vedue  y  eJlows  us  to  set  up  the 
following  (non-singular)  system  of  linear  equations 


P'(l, .  .  .  ,  1,  Xfc,i )  =  Plj  +  P2>  +  •  •  •  +  PTj 

P\y\ ,  •  •  • ,  yfc-i ,  Xkj)  =  piyy^*  +  P2jf'*  +•••-!-  PTjf'^ 

P'ivl^  •  •  •  7  yl-uXkj)  =  Piiy®^‘  +  P2>^‘*  +  •  •  ■  +  PTjf^'^ 

P'ivi  >  •  •  ■ .  yl-x , Xkj)  =  Pijy^*‘  +  P2jy^^*  +  •  •  •  +  PTjf^"^ 

This  is  a  Vandermonde  system  of  equations  and  can  be  solved  by  the  techniques  of 
section  2  in  0(T^)  time  while  requiring  only  0{T)  spane.  The  result  will  be  a  polynomial 

•^(■^1 1  •  ‘  1  >  Xkjf  •  •  •  >  ^no)> 

^  In  practical  implementations  this  may  be  more  than  notational.  Eliminating  the  variables  that 
do  not  vary  at  this  stage  can  save  significant  time  when  computing  the  values  of  P. 
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for  each  of  the  d+1  values  Xkj- 

In  the  second  phase,  we  independently  interpolate  the  coefficients  of  each  mono¬ 
mial,  using  the  dense  interpolation  algorithm.  The  results  of  these  interpolations  can 
be  combined  to  produce 

P'(Xi , . . . ,  Xk-I  ,Xk)=Pi  (Xk)X‘^  +  P2(Xk)X‘^  +  ■■■+  PT(Xk)X‘^ . 

The  dense  interpolation  yielded  the  univariate  polynomials  pi(Xk)-  This  polynomial  is 
in  turn  expanded  to  get 

P(JCi,...,Xfe,Xj.+i_o,...,Xno)  =Pio*^*‘  +P20-^**  - t-PTO^'^1 

and  we  are  ready  to  begin  lifting  the  next  variable. 

4.3  Analysis 

We  begin  by  presenting  the  probabilistic  resolution  of  the  zero  avoidance  problem. 
The  following  proposition  gives  a  sharp  estimate  of  how  difficult  it  is  to  avoid  the  zeroes 
of  a  polynomial  given  only  degree  bounds. 

Proposition  9.  Let  k  be  a  field,  f  €  k[Xi , . . . ,  Xn]  and  the  degree  of  f  in  each  of  .Y, 
be  bounded  by  di.  Let  Zn(B)  be  the  number  of  zeroes  of  f,  x  such  that  x,  E  S  (a  set 
with  B  elements  B  ^  d,  j.  Then 

Z„{B)  <  B**  -  (B  -  di)(B  -  dj) . . .  (B  -  d„) 

«0((di-hd2-l--.--|-d„)B"-'). 

Proof:  There  are  at  most  d„  values  of  Xn  at  which  /  is  identically  zero.  So  for  any 
of  these  dn  values  of  Xn  and  any  value  for  the  other  Xi,  f  is  zero.  This  comes  to 
dnB'^~^.  For  all  other  B  —  dn  values  of  Xn  we  have  a  polynomied  in  n  —  1  variables. 
The  polynomial  can  have  no  more  than  Zn~i(B)  zeroes.  Therefore, 

Zn(B)  <  d^B-'  +  (B  - 

Rather  them  solving  this  recurrence  for  Zn,  we  solve  it  for  Nn  =  B'^  —  Z„.  Since 
Zi  is  less  than  or  equal  to  di,  Ni  >  (B  —  di).  This  is  the  basis  step  of  the  inductive 
proof.  Writing  the  rectuxence  in  terms  of  Nn  we  have 

B"  -  N„(B)  <  d„B—'  +  (B  -  d„)(B"-'  -  JV„-.(B)) 

or 

Wn(B)>(B-dn)Wn_i(B), 

from  which  the  proposition  follows.  [] 

Polynomials  of  the  following  actually  have  B"  —  (B  —  di )  •  ■  •  (B  —  d„)  zeroes  with 
components  less  than  B 

nx, . Xn)=  n  n 

Thus  the  inequality  in  the  proposition  cannot  be  further  strengthened.  The  following 
corollary  phrases  this  result  as  a  probability. 


Draft  of  15:33  Jan  18,  1989 


19 


Corollary.  Let  /i,/2, « . . ,/«  be  elements  of  fc[Xi, . . .  ,Xn],  where  the  degree  in  each 
variable  is  bounded  by  d.  Let  V{fi fa)  be  the  probability  that  a  randomly  chosen 
point  X  is  a  zero  of  any  of  the  fi,  where  Xi  is  an  element  of  a  set  with  B  elements.  Then 


nds 

~b'' 


Proof:  Let  /  =  /1/2  •  •  *  /j.  The  degree  of  each  variable  in  /  is  bounded  by  ds.  Applying 
the  previoxis  proposition,  we  see  that  the  number  of  zeroes  of  /  is  bounded  by  , 

for  sufficiently  large  B.  Since  there  are  S”  possible  x  to  choose  from,  we  have  the 
corollziry.  Q 

This  coroUeiry  gives  the  probabilistic  solution  to  the  zero  avoideince  problem.  Let 
P  be  an  element  of  Z[Xi , . . . ,  X„].  Choose  a  random  point  in  Z”  with  components  less 
than  B.  The  probability  that  this  point  will  be  a  zero  of  P  is  less  than 

nd 

1b' 

Thus  to  keep  the  chance  of  error  below  c,  using  a  single  evaluation,  we  must  choose 


Turning  now  to  the  sparse  modtilar  interpolation  algorithm,  if  all  the  probabilistic 
assvunptions  hold,  the  cost  of  lifting  a  single  variable  can  be  computed  as  follows.  In 
phase  1  we  compute  d  +  1  polynomials  at  a  cost  of  at  most  t  eveJuation  points  each, 
requiring  O(dt^)  time  and  0{dt)  space.  The  dense  interpolation  in  pheise  2  requires 
0{(jP)  steps  for  each  coefficient  that  is  interpolated.  There  axe  no  more  than  t^  terms 
so  it  takes  a  total  of  0(tcP)  steps.  Since  n  stages  need  to  be  performed  the  total  time 
requirements  are  0{ndt[d+t)),  while  the  maximinn  space  requirement  is  eilways  0{dt). 
Remember  that  t  is  the  actued  nvunber  of  terms  in  P,  not  an  a  priori  bound  on  the 
number  of  terms  in  P. 

As  we  shall  see,  the  chance  for  error  in  the  interpolation  depends  entirely  on  the 
initial  evaluation  point  (xio,aJ20, •  •  •  »Xno)-  By  performing  several  interpolations  with 
different  initial  points  we  can  decrease  the  chance  of  error.  This  may  be  appropriate 
in  practical  implementations.  Here  we  use  e  to  denote  the  chance  for  error  from  a 
single  starting  point.  We  assiune  P  is  a  polynomial  over  a  finite  field,  F,.  We  want  to 
determine  6  as  a  fimction  of  9,  d,  n  and  t.  In  practical  implementation,  P  will  most 
likely  be  a  polynomial  over  Z.  Then  g  is  chosen  to  minimize  c  and  still  remain  efficient. 
To  convert  from  a  solution  in  a  finite  field  to  one  over  the  integers  a  coefficient  bound  is 
needed  for  the  solution  in  Z.  In  this  section  we  ignore  these  issues.  From  a  theoretical 
point  of  view,  we  continue  to  compute  in  Z  (or  Q  as  necessary),  and  restrict  our  random 
choices  to  integers  less  than  q. 
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There  are  two  sovirces  of  potential  error  in  this  algorithm.  First,  the  structure 
inherited  from  earlier  stages  in  phase  1  structure  may  be  incorrect.  That  is,  a  term 
that  was  assumed  to  be  zero  really  wasn’t  zero.  To  be  precise,  consider  a  three  variable 
problem.  Assume  the  polynomial  to  be  computed  is 

Pi(y,  +  p2{y,  z)x^^  + .  •  •  +  pt{Y,  z)X‘‘ , 

and  the  intial  evaluation  point  is  (a?o,yo»^o)-  After  the  single  variable  interpolation 
computed  in  stage  one  we  have  the  polynomial 

Pi(yo,'Zo)-X^**  +  P2{yoi 2o)X*^  H —  +pt(yo,^o)-X^*‘- 

In  passing  from  the  one  variable  case  (X)  to  the  two  variable  case  (X,  Y),  the  algorithm 
just  presented  assumes  the  structure  given  above  is  correct.  E  pi  vanished  at  (yo,’^o) 
we  would  have  assumed  Cj  was  zero  erroneously.  At  the  end  of  this  stage  we  will  have 
the  bivariate  polynomial 

q,(zc)(X,  y/‘  +  qdzoXX,  r)/>  +  •  •  ■  +  Y)i‘ . 

Again,  E  any  of  the  ?,■  vanish  at  zq  we  will  get  erroneous  results.  To  compute  the 
exponent  vectors  correctly,  we  need  to  assume  that  the  pi  and  qi  do  not  vemish  at  the 
initial  point  (xo,yo,2:o)*  These  are  the  polynomials  whose  zeroes  we  must  avoid. 

At  the  ith  stage  of  the  interpolation  process,  there  are  at  most  t  polynomials  in 
n  —  i  variables  whose  zeroes  must  be  avoided.  The  aggregate  number  of  non-zero  terms 
these  polynomials  contain  must  be  less  than  i.  The  degrees  of  each  polynomial  is 
boimded  by  d.  So  by  proposition  9,  the  chance  of  the  initial  evaluation  point  being  the 
zero  of  any  of  these  is 

n?dt 

9 

Now  consider  the  probability  that  the  Vandermonde  systems  are  singular.  These 
systems  are  of  rank  at  most  t.  By  the  corollary  to  proposition  8,  the  probability  that 
this  system  is  singular  is 

d’t  ’{t  —  1)  ^  dt^ 

2(7-1) 

At  each  stage  there  are  d  such  systems  to  be  solved  and  there  are  n  —  1  stages  in  all, 
so  the  probability  that  one  of  them  will  fail  is  boimded  by 

n<Pt^ 

g 

Thus  we  have  the  following  proposition. 
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Proposition  10.  Let  P  be  a  polynomial  in  n  variables,  each  of  degree  no  more  than 
d  and  with  t  (">  n)  non-zero  terms.  Assume  the  coefficients  of  P  lie  in  a  finite  field 
with  q  elements.  The  probability  that  the  sparse  interpolation  algorithm  will  give  the 
wrong  answer  for  this  polynomial  is  less  than 

ncPP 

q 

The  randomly  chosen  values  must  be  chosen  from  a  set  of  at  least 

tkPP 

e 

values  for  the  proabability  of  error  to  be  less  than  e. 

Since  we  cannot  know  the  true  number  of  non-zero  terms  of  P  before  beginning 
the  algorithm,  the  random  values  must  be  chosen  from  a  set  of 

ncPT^ 

t 


points. 

Historical  note:  This  result  appeared  in  two  papers  simulteineously  and  inde¬ 
pendently  at  the  EUROSAM  ’79  conference  in  Marseille  during  the  summer  of  1979. 
Schwartz  gave  the  second  estimate  of  proposition  9  while  Zippel  gave  a  version  of  the 
first.  The  proof  given  here  is  a  simplification  and  extension  of  that  given  in  Zippel 
(1979). 

5.  Deterministic  Zero  Avoidance 

As  mentioned  earlier,  proposition  2  shows  that  univariate  polynomials  over  the 
rational  integers  cannot  have  many  real  zeroes.  We  extend  this  proposition  to  one  for 
a  multivariate  polynomial  in  the  variables  Xi  by  finding  a  substitution  (X,  >-*  Z‘') 
that  sends  a  multivariate  polynomi2d  into  a  univariate  polynomial.  We  then  apply  the 
proposition  to  the  univariate  polynomial  to  get  our  result.  The  cruciEd  part  of  the  proof 
is  to  show  that  we  can  find  a  substitution  such  that  P(Z‘)  is  not  identically  zero. 

Before,  proceeding  with  our  version  of  the  bounds,  it  is  instructive  to  examine  the 
bound  derivable  from  Kronecker’s  technique,  veui  der  Waerden  (1953).  We  Eire  given 
a  polynomiEd  in  n  VEuiables,  P(Xi, . . .  ,X„)  where  the  msodmum  degree  in  any  one 
variable  is  d  and  assume  there  are  no  more  than  T  non-zero  terms  in  P.  Let  £  be 
an  integer  larger  tham  d.  Consider  the  substitution,  Xi  .A  monomial  A'®  is 

mapped  to  a  monomial  in  Z  raised  to  the  power: 

Since  each  of  the  Cj  are  strictly  smaller  thim  £  this  xnapping  is  one  to  one  and  invertible. 
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Furthermore,  we  haven’t  changed  the  number  of  non-zero  terms  in  the  polynomial, 
i.e.  terms(P(A'))  =  terms(P(Z)).  By  proposition  1,  if  P(Z)  vanishes  for  T  positive 
values  of  Z,  then  it  (nind  thus  P(-if))  is  identically  zero.  This  would  be  our  desired 
proposition  if  the  values  chosen  for  the  X,-  were  smsJl  enough.  The  smallest  integer 
values  we  can  choose  for  Z  axe  1, 2, . . . ,  T.  Thus  the  values  for  Xi  are 

l'  ,2*  ,...,T'  . 

Unfortunately,  the  size  of  the  largest  substitution,  *  is  exponential  in  the  number 
of  variables. 

This  baisic  idea  can  be  salvaged  by  a  more  flexible  choice  of  exponent  substitutions. 
Rather  than  using  an  invertible  substitution,  as  Kronecker  does,  we  choose  one  that 
merely  guarantees  that  P{Z)  is  not  identically  zero  if  P{X)  is  not.  In  light  of  the  results 
of  Ben-Or  emd  Tiwari  the  importance  of  this  resxilt  is  somewhat  dimished.  However  the 
technique  used  to  reduce  a  multivariate  polynomial  to  a  univariate  polynomial,  while 
preserving  the  number  of  non-zero  terms  seems  quite  powerful. 

We  begin  with  a  definition  and  some  lemmas. 

Definition:  1.  Let  5  be  a  set  of  n-tuples  with  components  in  a  ring  R.  S  is  said  to 
be  maximally  independent  if  every  subset  of  n  elements  of  S  is  R- linearly  independent. 

In  our  situation,  each  element  of  S,  s,  corresponds  to  a  substitution  Xi  2*’  . 
The  following  lemma  shows  that  there  exist  sets  of  N  maximally  independent  n-tuples 
with  entries  not  much  larger  than  N. 

Lemma  1.  Let  S  be  a  positive  integer,  and p  the  smallest  prime  larger  than  S.  There 
exists  a  maximally  independent  set  of  S  n-tuples  with  components  in  Z  where  each  of 
the  components  of  the  n-tuples  is  less  than  p. 

Proof:  First  we  show  that  we  can  construct  Mbitrarily  large  maximally  independent 
sets  of  n-tuples.  Then  by  reducing  them  modulo  a  prime  we  get  the  n-tuples  required 
by  the  lemma.  Consider  n-tuples  of  the  form  ).  For  n  of  these  to  be 

independent  the  determinant  of  the  matrix 

/I  k,  k]  ...  kr\ 

1  Jb2  kl  ...  jb^-^ 

\l  kn  kl  ...  k--^J 

must  not  be  zero.  Since  this  is  a  Vandermonde  matrix,  its  determinant  is 
by  proposition  3. 

Thus  if  the  k,  are  distinct  the  vectors  they  generate  will  be  linearly  independent. 
In  partictilar  if  we  let  u*  =  (1,  fc, . . . ,  then  any  subset  of  n  of  the  ut  will  be 

linearly  independent.  Furthermore,  if  we  reduce  the  elements  of  u*  by  a  prime  larger 
than  any  of  the  k,  the  n-tuples  remain  maximally  independent.  Q 
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Lemma  2.  Let  L{X)  =  w  •  X  be  a  linear  form  in  the  n  variables  X,  that  is  not 
identically  zero.  are  linearly  independent  n-vectors,  then  L{pi)  ^  0  for 

some  i. 


Proof:  Since  the  n-tuples  pi  =  (p,i,p,-2,  •  •  •  ,Pin)  are  linearly  independent,  the  matrix 


Pn 

Pl2  • 

Pin 

P21 

P22  • 

•  •  P2n 

Pnl 

Pn2  • 

Pnn 

is  non-singulen‘.  Denote  by  w  the  column  vector  (i^i, . . .  If  L  vanishes  at  each 

of  the  n-tuples  pi  then 

A  •  tu  =  0. 

Since  A  is  non-singulzu",  w  must  be  identically  zero. 

Lemma  3.  Let  Lj{X)  —  Wj  •  X  be  a  set  ofT  linear  forms  in  n  veuriables  A',,  where 
none  of  the  forms  is  identically  zero.  There  exists  a  set  of  (n  —  1)  ■  T  +  1  n-tuples  such 
that  for  one  of  these  n-tuples  none  of  the  Lj  vanish.  Furthermore,  the  components  of 
these  n-tuples  can  be  chosen  such  that  each  component  is  less  than  2nT. 


Proof:  By  the  previous  lemma,  each  Li  can  vanish  at  no  more  than  n  —  1  independent 
n-tuples.  Assuming  none  of  the  forms  vanish  at  the  same  n-tuple,  there  can  only 
(n  —  1)  •  T  n-tuples  for  which  one  of  the  forms  vanish.  Q 

This  Lemma  can  be  extended  somewhat  to  give  a  estimate  of  the  number  of  n- 
tuples  required  to  enstire  that  eaoh  linear  form  tedces  on  a  distinct  value.  This  is 
important  enough  to  justify  czdling  it  a  proposition. 

Proposition  11.  Let  Lj(X)  =  Wj-X  be  a  set  ofT  distinct  linear  forms  in  n  variables 
Xi .  There  exists  a  set  of 

(n-l)-T.(r-l) 

2 

n-tuples  such  that  each  Lj  takes  on  a  different  value  for  one  of  them,  and  where  the 
components  are  each  less  than  nT(T  —  1). 


Proof:  Consider  the  set  of  forms 

Mij  =  (toi  -  Wj)  ■  X. 

Ignoring  the  diagonal  forms  (Mu),  which  are  identically  zero,  there  are  T(T  -  l)/2 
distinct  forms  up  to  sign.  Lj  and  Lj  have  the  same  value  for  some  n-tuple,  if  and  only 
if  Mij  vanishes  at  the  saune  n-tple.  By  Lenuna  3,  there  exists  a  set  of 

(n-l).T-(r-l) 

2 
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n-tuples  such  that  for  one  them,  none  of  the  Mij  vanish,  and  each  has  components  less 
than  nT(T  —  1).  Q 

Proposition  12  is  proven  by  applying  the  same  type  of  reasoning  used  earlier  with 
Kronecker’s  trick,  using  a  sufficiently  large,  maodmally  independent  set  of  n-tuples. 

Proposition  12.  There  exists  a  set  of  nT^  n-tuples  such  that  there  is  no  polynomial 
with  less  than  T  non-zero  terms  that  vanishes  at  each  of  the  n-tuples.  Furthermore, 
the  absolute  value  of  the  components  of  the  n-tuples  is  less  than  and  they  have 

size  0(nT  log  T). 

Proof:  Asstime  P(Xi, . . . ,  A'n)  is  not  identically  zero  and  let  the  terms  of  P  be 

P(X)  =  ciX‘^  -b  cjJf  -!-•••  +  ctX^^  . 

The  substitution  Xi  *-»  Z“''  sends  this  polynomial  into 

P{Z)  -b  -b  •  •  •  + 

This  substitution  must  be  chosen  so  that  P(Z)  is  not  identically  zero.  This  can  be 
done  by  requiring  that  for  any  i  ^  I 

ei  ■  u  ^  ■  u 

or  equivalently  (cj  —  ei)  •  u  ^  0. 

By  lemma  3,  we  can  choose  a  set  of  (n  —  1)(T  —  1)  -b  1  maximally  independent 
n-tuples  such  that  one  of  them  satisfies  (e,-  —  ci) •  u  5^  0.  We  can  bound  the  components 
of  u  by  p  where  p  be  the  smallest  prime  larger  than  (n  —  l)(r  —  1)  -b  1.  Notice  that 
p  <  2nT. 

Each  of  the  n-tuples  gives  rise  to  a  mapping  from  P{X)  to  P{Z).  Since  P(Z)  has 
no  more  than  T  monomials,  we  need  not  try  more  than  T  positive  integer  values  for 
each  u.  In  particular  we  can  use  the  values  1, 2, . . . ,  T  for  Z.  Thus  there  exists  a  set 
of  (n  —  1)(T  —  l)r  +  T  <  nT^  points  that  satisfies  the  requirements  of  the  theorem. 
Furthermore,  each  component  of  the  substitution  is  bounded  by  Q 

Proposition  13.  There  exists  a  set  of  nT^  n-tuples,  whose  components  are  of  size 
O(nTlogT),  such  that  for  every  set  of  polynomials  Pi  €  Z[xi, . . . ,  z„]  with 

tenns(P,  )  <  T, 

t 

there  is  at  least  one  n-tuple  where  none  of  the  polynomials  vanish. 

This  proposition  follows  from  proposition  12  and  the  observation  that  if  -b  •  •  •  -b 
f*  =  T,  then  the  maximum  value  of  -b - b  is  T^. 

The  remaining  result  in  this  section  is  due  to  Ben-Or  eind  Tiwari  (1988).  By 
using  a  direct  mxiltivariate  appro2w:h  to  the  zero-avoidzmce  problem,  they  improve  the 
O(nT^)  result  of  proposition  12  for  the  zero  avoideince  problem  to  T,  which  is  best 
possible.  Ben-Or  and  Tiwari’s  main  idea  for  this  problem  is  contained  in  the  following 
proposition. 
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Proposition  14.  Let  P(X}  be  a  non-zero  polynomial  in  i2[X]  with  at  most  T  terms 
and  with  monoxnial  exponent  vectors  c^.  Assume  there  exists  an  n-tuple  x  such  that 
the  X*'  are  distinct.  Then  not  all  of  P{x°),  P{x),  P(x^),  •  •  • ,  P{x^~^ )  are  zero. 

Proof:  Denote  x^'  by  m,-.  By  assiimption,  eaeh  of  the  are  distinct.  If  P  vanished 
at  each  of  the  x*  then  the  following  system  of  linear  equations  would  hold. 

Cl  +  C2  H - Ct*  =  0 

Cirrii  +  021712  'H  •  •  *  +  ctt^t  —  0 
Ciml  +  02*712  H - h  cymy  =  0 

+  C2m|’“^  H - h  CTm^~^  =  0 

Since  this  is  a  Vandermonde  system  and  we  have  assumed  that  the  rm  are  distinct, 
the  system  of  equations  is  non-singular.  Thus  the  Ci  must  all  be  zero,  and  P  must  be 
identically  zero  for  all  of  P(x^,  P(^),  P(^),  •  •  • ,  P(x^~^ )  to  vanish.  Q 

The  key  then  is  finding  a  substitution  that  keeps  the  monomials  distinct.  If  P  is 
a  polynomial  over  a  unique  factorization  domain  (such  as  the  rational  integers)  then 
this  is  relatively  easy — we  choose  the  components  of  x  to  be  distinct  primes.  In  this 
case  each  of  the  m,  must  be  distinct  by  unique  factorization.  For  polynomials  over 
finite  fields  estimates  of  the  difficulty  in  finding  such  the  right  initial  substitution  can 
be  made  form  proposition  7,  but  this  leads  to  a  probabilistic  algorithm. 

The  following  proposition  considers  the  zero  avoidance  problem  for  several  poly¬ 
nomials. 

Proposition  15.  Let  Pi(X),  ■  •  .,Pf(X)  be  non-zero  polynomials  in  U[Xi,. . .  Xn],  U 
a  unique  factorization  domain  and  assume  that  terms  Pi  -f  •  •  •  -f  terms  P,  =  T.  Let  x 
be  a  vector  of  n  primes  in  U.  Then  for  integer  j,  0  <  j  <  T,  all  of  Pi{x^)  are  different 
from  zero. 

Proof:  Denote  the  points  {x®,  x, . . . , x^}  by  5.  P,  cannot  vanish  at  more  than  terms  P, 
elements  of  S  by  proposition  5.  Since  S  contains  T  -f  1  points,  there  must  be  one  for 
which  none  of  the  Pi  vanish. 

6.  New  Interpolation  Algorithm 

Using  either  of  the  deterministic  solutions  of  the  zero  avoidance  problem  given  in 
the  previous  section  (propositions  13  and  15),  it  is  possible  to  modify  the  probabilistic 
sparse  polynomied  interpolation  algorithm  of  section  4  to  malce  it  deterministic. 

As  usual,  we  wish  to  interpolate  a  sparse  polynomial  with  no  more  than  T  non¬ 
zero  terms,  P(J?)  €  F[Xi,. . .  ,X„],  from  its  values.  As  in  the  last  section  we  will  only 
consider  the  case  when  F  is  the  rational  integers  or  a  finite  field  of  sufficiently  large 
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characteristic.  For  simplicity  our  discussion  will  use  F  =  Z.  Thus  we  can  guarantee 
that  the  Vandermonde  systems  of  equations  are  always  non-singular,  by  using  as  the 
initial  starting  point:  (2, 3, 5, . . .  ,Pn),  where  pn  is  the  nth  prime. 

The  only  remaining  source  of  erroneous  answers  in  the  probabilistic  algorithm  of 
section  4,  is  that  coefficient  polynomials  may  vanish  at  the  starting  point.  To  be  more 
precise,  assume  the  starting  point  of  the  interpolation  is  xio,3:20, •  •  •  ,a^no-  Consider 
stage  fc,  where  we  are  introducing  Xi-.  We  can  write  P{X)  as 

P(X)  =  pikiXk+l,.  .  .  ,Xn)(Xu. . .  +  ■  •  •  +  Ptk(Xk+U-  ■  ■  ,  ^nXXi Xkf  ■ 

If  the  polynomials  pik  do  not  vanish  at  the  starting  point,  then  skeleton  produced  at 
stage  k  will  be  a  correct  image  of  skelP.  If  this  is  the  case  we  say  the  starting  point 
is  a  stage  k  good  starting  point.  If  the  starting  point  was  not  good,  then  the  resulting 
skeleton  will  be  strictly  smaller  than  the  correct  one  at  that  stage. 

The  deterministic  version  of  the  sparse  modul^lr  algorithm  assumes  that  at  stage 
k  —  1,  the  polynomial  it  is  given  has  the  correct  skeleton.  It  then  produces  a  k  variable 
polynomial  that  has  the  correct  skeleton,  by  ensuring  that  it  has  used  a  starting  point 
for  which  none  of  the  pik  vanish.  This  is  easily  done  by  performing  the  operations  of 
stage  k,  T  times,  using  oi  •  •  •  > ®no)  ^  values  for  the  undertermined  variables. 
Since  the  total  number  of  terms  in  pik  not  greater  them  T,  by  proposition  14,  one  of 
these  starting  points  will  be  stage  k  good.  Since  we  know  the  correct  k  —  1  skeleton  it 
is  not  necessary  to  repeat  lower  stages  of  the  algorithm. 

Thus  this  algorithm  will  require  T  times  more  operations  than  the  probabilistic 
version.  The  components  of  the  evaluation  points  are  always  primes  (or  a  random 
integer  for  X„).  Thus  the  largest  component  will  be  p^,  whose  size  is  app-oximately 
0(T  log  n  log  log  n). 

7.  Discussion 

We  have  presented  new  deterministic  solutions  to  both  the  zero  avoidance  problem 
and  the  interpolation  problem  for  speirse  polynomials.  The  zero  avoidance  technique 
of  proposition  13  reduces  multivariate  problems  to  univariate  problems.  The  inter¬ 
polation  aJgorithm  presented  may  have  better  performance  than  Ben-Or  and  Tiwari’s 
interpolation  algorithm  if  the  bound  on  the  number  of  terms  is  not  sharp. 

Unfort imately,  these  deterministic  results  do  not  immediately  yield  deterministic 
algorithms  for  the  multiv2iriate  polynomi2d  greatest  common  divisor  (GCD)  and  fac¬ 
torization  problems.  For  the  GCD  problem  a  technique  for  avoiding  the  zeroes  of  the 
resultant  of  the  two  polynomials  is  needed.  Unfortunately,  stredghtforward  estimates 
of  the  number  of  terms  of  the  resultant  are  exponential  in  the  number  of  variables 
even  if  the  original  polynomials  were  sparse.  For  the  factorization  problem,  using  Uie 
current  techniques,  there  still  remains  the  need  for  an  effective  version  of  the  Hilbert 
Irreducibility  theorem  with  good  constants.  The  existing  versions  give  probabilistic 
results,  von  zur  Gathen  (1983),  Heintz  and  Sieveking  (1981)  and  Kaltofen  (1985b). 
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